<img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>After Action Report
You are seeing this screen because you reached the end and answered everything correctly. We hope you had fun and that your skills were stretched, even if just a little.
This is a little token of appreciation for playing. Feel free to post on the Discord or on your socials to share.
<img src="https://csilinux.com/files/stories/tag_-_oshint_shake_the_cobwebs.png">
As an added bonus, and as mentioned in the opening audio, there is a prize waiting for you if you complete a closing report. Your report can be in any format, including the CSI Linux report for those that used it. The report should include your walk-through that documents your steps, share your mental processes in figuring out what to do next, the tools and resources you used to complete the investigation, and screenshots of solutions or silly gifs (if that is your thing). Then send that report to CTF@CSILINUX.COM by DECEMBER 31, 2024.
@@.alert;PRIZE:@@ Get to the end for a special token.
Cheers,
CSI LINUX<a href="https://csilinux.com" target=_blank><img src="https://csilinux.com/images/CSI-Back.jpg" width=100%></a>
CSI Linux is a focused Linux distribution for digital forensics and was developed as an open source 'theme park' for the cyber security industry.
It has tons of capabilities for investigations, analysis and response! CSI Linux is available in a Virtual Machine Appliance, so you can isolate your evidence to minimize cross-contamination. It is also available in a Bootable Triage disk image (restore to an external/internal SSD/HDD/USB drive) and a pre-built workstation that you can use as a daily driver. Here is some of what is contained in CSI Linux:
Online Investigations (OSINT, SOCMINT, Recon, Dark Web)
* Advanced Web Scraping Tools: Specialized utilities for harvesting information from websites and social media platforms, essential for Open Source Intelligence (OSINT) and Social Media Intelligence (SOCMINT).
* Domain Reconnaissance Utilities: Features that allow investigators to perform thorough analyses of domain names, DNS records, and associated IP addresses.
* Dark Web Explorers: Dedicated search engines and crawling tools to navigate Tor, I2P, and Lokinet safely, facilitating dark web investigations.
* Automated Report Generation: The platform may offer the capability to automatically compile gathered information into comprehensive reports for easier analysis and presentation.
Computer Forensics
* File System Analysis: Advanced tools for analyzing various types of file systems, including NTFS, FAT, HFS+, and EXT4.
* Data Carving Utilities: For retrieving deleted or hidden data from storage devices.
* Timeline Analysis: Tools that compile events into a timeline, making it easier to understand actions taken on a system before, during, and after an incident.
* Steganography Detection: Utilities for detecting hidden data in image and audio files, a common technique used to conceal malicious activities or sensitive data.
Incident Response
* Incident Dashboard: A centralized dashboard that can aggregate various logs and metrics in real-time for monitoring and quick response.
* Forensic Imaging: Tools to make bit-by-bit copies of compromised systems for in-depth analysis without affecting the original evidence.
Threat Hunting
* Network Traffic Analysis: Deep packet inspection tools to analyze network traffic for malicious activities.
* Threat Intelligence Feeds: Integration with various threat intelligence feeds for up-to-date information on new kinds of attacks and vulnerabilities.
Malware Analysis
* Sandbox Environments: A secure environment for detonating and studying malware to understand its behavior, characteristics, and impact.
* Static and Dynamic Analysis Tools: Utilities for both static code analysis and dynamic runtime analysis of malware.
* Decompilers and Debuggers: Tools for reversing malware code, making it easier to understand its functionality and origin.
Documentation and Legal Compliance
* Document Templates: Ready-to-use templates for legal and procedural documents such as Chain of Custody forms, Missing Persons reports, Non-Disclosure Agreements (NDAs), Network Authorization forms, Preservation Letters, and Mutual Legal Assistance Treaties (MLAT).
You can download CSI Linux at: <a href="https://csilinux.com" target=_blank>CSILinux.com</a>
<<return>><a href="https://csilinux.com" target=_blank><img src="https://csilinux.com/images/CSI-Back.jpg" width=100%></a>
CSI Linux: Digital Forensics Evolved
CSI Linux stands at the pinnacle of digital forensics platforms. Crafted with precision and designed for both novices and professionals, it offers a robust environment where evidence preservation and deep forensic analysis converge. The platform encapsulates the entirety of the investigative process, providing users with cutting-edge tools and utilities. CSI Linux doesn't just represent a platform; it's the evolution of computer forensics in the digital age.
CSI Linux Academy: The Nexus of Knowledge
Beyond just tools and platforms, the journey into digital forensics demands comprehensive education and hands-on experience. Enter the CSI Linux Academy — a beacon for those who seek to elevate their skills and knowledge in the realm of online investigations.
Founded under the aegis of CSI Linux, the Academy offers meticulously curated courses that delve deep into the intricacies of digital forensics. Students learn not just the techniques but the ethics, the strategies, and the critical thought required in real-world investigations.
More than just a training environment, the CSI Linux Academy is a crucible where knowledge meets practice. Through rigorous training modules, practical exercises, and expert guidance, the Academy shapes the next generation of forensic investigators. And for those who desire to showcase their mastery, the Academy offers select certifications, revered badges of expertise in the forensic community.
Acknowledgements
Special thanks to every developer, instructor, and student who is a part of CSI Linux and CSI Linux Academy. Your collective efforts and commitment have made this journey possible. Together, we not only uncover the truths hidden in the digital realm but also uphold justice in our increasingly connected world.
<hr>
<b>Content</b>
Very grateful to those that do what they love and share it openly on the wild wild web. Thank you to J Lopes|https://unsplash.com/@offeringofpie
And to the "unnamed" for creating images that were added to help fill in the storyline. I don't know who you are but thank you for being a part of CSI and helping as you did.
Also thank you to open-source tools like AUDACITY, KDENLIVE, COAGULA, and all the online tool creators that assisted in creating the encoded content.
Thank you to Alb310 for allowing me to freely use content from their work to create this challenge.
Thank you to my friend unSansVisage for their time and talents in creating the audio content, and for never getting butt hurt because I had another idea after already having 10 others...
And thank you to CSI Linux for allowing me to create this silly little mind game for you.<video src="https://csilinux.com/videos/CSILinuxAcademyContentIntro.mp4" width=100% autoplay muted></video>
<center><h2><<type 60ms>>$operationName \<</type>></h2></center>
<!--***The timer does not need to be used this is just here to provide an example of how it could be used.-->
<<nobr>><<set $timerMsg to "">><<set $timedPassage to "intro">><<set $seconds to 6>><<include "app_Timer">><<set $lightMode = $lightMode>><</nobr>><a href="https://csilinux.com/academy" target=_blank>CSI Linux Academy</a><a href="https://csilinux.com" target=_blank><img src="https://csilinux.com/images/CSI_Tux/csilinux_white.png" width=75></a>.passage { max-width:200%; }
<!-- MENU VARIABLES -->
<<set $creditson to 1>>
<<set $restartme to 0>>
<!-- UNIVERSAL VARIABLES -->
<<set $operationName to "Operation OShINT - Shake The Cobwebs">>\
<<set $perfect to 1>>\
<<set $seconds to 60>>\
<<set $resources to 0>>\
<!-- INCREMENTING MONITORS -->
<<set $mulligan to 0>>
<<set $poorChoice to 0>>\
<<set $rabbitHole to 0>>\
<<set $terminalChoice to 0>>\
<!-- ACTION VARIABLES - Specific to the created operation -->
<!-- REPLACE the text for the $ with name of variable - $v1 to $varName-->
<<set $v1 to 0>>
<<set $v2 to 0>>
<<set $v3 to 0>>
<<set $shtf to 0>>
/*DO NOT EDIT BELOW THIS LINE*/
<<widget "toggle">>
<<if _args[3]>>_args[3]<</if>>
<<cycle "_answer1" autoselect>>
<<if $args[2]>><<option $args[0] 'first'>>
<<else>>
<<option $args[1] 'second'>>
<</if>>
<</cycle>>
<</widget>>
<<widget "question" container>>
<<button `"<span class='icon-question'></span>" + _args[0]` `_args[1]`>>_contents<</button>>
<</widget>>
// Wait for the DOM to be ready
$(document).one(":passagerender", function() {
// Hide the Save button
$("#menu-item-save").hide();
// Hide the Load button
$("#menu-item-load").hide();
});
UIBar.destroy();
!!STANDARD MENU ITEMS
<<if $creditson>>
<<link "CREDITS">><<goto "Credits">><</link>>
<</if>>
<<if $csilinux>>
<<link "CSI Linux">><<goto "CSI Linux">><</link>>
<</if>>
!!TRY AGAIN
<<if $restartme eq 1>>
<<click "Try Again">><<script>>state.restart();<</script>><</click>>
<</if>>
<style>
#menu li a {
color: red;
}
</style><img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>\
<!--<<if ndef $attacker>><<set $attacker to "three toes">><</if>>\
<<if ndef $attackerAnswered>><<set $attackerAnswered to false>><</if>>\-->
<h2>Strange Sounds</h2>\
Howdy Investigator. I hope you have pen and paper, because you may want to take notes. @@.alert;HINT.@@
Yesterday, we received an audio file from a content creator that is working on some materials for the gang over at CSI Linux. They woke to find an email that had an attachment of an audio recording and a note that read, "We can play too." The audio file, according to the content creator, is a hacked up version of Episode 1 - CSILinux and OSINT.
Anyway, the audio was sent to the lab, and they told us they are backlogged by about 21 days or more, because their Audio Engineer is on vacation somewhere in the Mediterranean Sea, on a sailboat, near 34.6129, 32.9742. Yes, they were oddly very specific, and we all laughed and wondered if that sailboat has wheels. We don't have time to wait because this little compromise has halted all production while countermeasures are implemented to prevent this from happening again. Word has it that a C2 service was found running on an IoT device at the office; the secretary thought it just played on-hold music for the phone system.
Here is the audio recording.
<audio controls>
<source src="https://csilinux.com/files/stories/CSIL_OShINTro.mp3" type="audio/mp3">
<p>Your browser does not support HTML5 audio :(</p>
</audio>
If you want to download it, click the hamburger (3 dots) on the player.
<<if $attackerAnswered is true>>\
<<button "Next Step">><<goto "detail_1">><</button>>\
<<else>>\
<<include "q0_brief">>\
<</if>> \<span id="countdown"></span>
<<silently>>
<<repeat 1s>>
<<set $seconds to $seconds - 1>>
<<if $seconds gt 0>>
<<if $timerMsg>>
<<replace "#countdown">>$timerMsg<</replace>>
<<else>>
<<replace "#countdown">><</replace>>
<</if>>
<<else>>
<<replace "#countdown">><</replace>>
<<goto $timedPassage>>
<<stop>>
<</if>>
<</repeat>>
<</silently>><img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>Awesome! THREE TOES is an elite ransomware operator that has a cybercriminal infrastructure that makes others seem kindergarten. We have only ever heard about them through others and cannot imagine why a CSIL content creator would be a target for their team. But here we are.
Did you learn anything else?
@@.buttonyes;<<button "YES">><<goto "morsecode">><</button>>@@ <<button "NO">><<goto "TheBrief">><</button>><img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>Way to go. YOU ARE AWESOME! You made it to the end
[[The end|exit]]<img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>Celebrate good times come on. Let's celebrate. LOL
NOPE!!! It is not over yet. I have one more question for you and it will take you all the way back to the beginning.
<!-- QUESTION _11 -->\
This all started with an email. What were the words written in the email? (lowercase; including the punctuation)\
<<set _hash_11 to '-1054469980'>>
<<set $answer_11 to ''>>\
<<textbox '$answer_11' '' autofocus>>\
<span id='textbox-submit_11'>\
<<button 'Send Intel'>>\
<<set $answer_11 to $answer_11.trim().toLowerCase()>>\
<<if hashStr($answer_11) == _hash_11>>\
<<replace '#textbox-submit_11'>>\
<text style="color:#008000">Correct!</text>\
<<goto "AfterActionReport">>
<</replace>>\
<<replace '#textbox-reply_11'>><</replace>>\
<<run $('#textbox-answer_11').attr('readonly', 'true');>>\
<<else>>\
<<replace '#textbox-reply_11'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_11'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_11").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_11 button").trigger("click");}});});<</script>>\<h3>This will be removed in the future</h3>\
Enter text here: <<textbox "_txt" "">><<button "Hash Text">><<set _val = hashStr(_txt)>><<run $("#test").empty().wiki(_val)>><</button>>
Hash: <span id="test"></span><video controls="" autoplay name="media">
<source src="https://csilinux.com/videos/Operation-OSHINT-Shake-the-Cobwebs-EPISODE-C.ALT.II.mp4" type="video/mp4">
Your browser does not support the video tag.</video><center><h2><<type 60ms>>$operationName \<</type>></h2></center><span><sup><i>A creation from the deviant minds of a couple CSIL volunteers, and brought to you by the CSI Linux Academy.</i></sup></span><p>Welcome to our group of challenges.
I assume that you have what it takes to navigate the labyrinth, borg-like mind of its creators; otherwise you would run in fear. But be careful, because if you get lost in here, then you will hear all the voices too.
In your future is a series of challenges that are meant to challenge varying skills. Oh, you thought because the title had OSINT in it that this was going to just be OSINT... (where would the fun be in that?)
Whatever you do - Don't smash your keyboard on the desk or scream at the air; people will know you are not working. Just take a deep breath (DEEPER!) and take solace in knowing that, all who enter will travel the same path, and once beyond the door, the only ways to leave are by closing the browser or reaching the end.
So stop reading this mindless dribble from the clown in the corner. Smash the like button and get busy.
</p>\
<<question "- LIKE -" "TheBrief">><<set $pro to true>>\<</question>>
@@.alert;NOTICE.@@ All responses to challenge questions are to be in "lower case"; unless otherwise specified.<img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%><center>
<table class="speech" width="700px">
<tr align=left>
<td><img src="https://images.unsplash.com/photo-1523183616954-5d0a9e552cbb?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8NDB8fGNhcnRvb24lMjBmYWNlc3xlbnwwfHwwfHx8MA%3D%3D" alt="pic" width="100px" /></td>
<td style="text-align:left" width=600px>Morning Chief. Have you heard anything?</td>
</tr>
</table>\
<table class="speech" width="700px">\
<tr align=left>
<td style="text-align:left" width=600px>Check with the team. They mentioned that they had found some hidden message that sent them turning the wild wild web upside down. So they surely have more intel by now.</td>
<td><img src="https://plus.unsplash.com/premium_photo-1682124324064-93e53187a6a8?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8MzN8fGNhcnRvb24lMjBmYWNlc3xlbnwwfHwwfHx8MA%3D%3D" alt="pic" width="100px" /></td>
</tr>
</table>\
<table class="speech" width="700px">
<tr align=left>
<td><img src="https://images.unsplash.com/photo-1523183616954-5d0a9e552cbb?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8NDB8fGNhcnRvb24lMjBmYWNlc3xlbnwwfHwwfHx8MA%3D%3D" alt="pic" width="100px" /></td>
<td style="text-align:left" width=600px>WILCO. Thank you for the info.</td>
</tr>
</table>\
</center>
Awesome work. I was talking to Chief and they mentioned there was some kind of message found and that it sent you all over the WWW looking for random things.<<set $morse_percent to 0>>
<<include "q1_morse">><!-- QUESTION 0 three toes-->
We need you to tell us who is responsible for this incident?
<<set $answer_0 to ''>>\
<<textbox '$answer_0' '' autofocus>>\
<span id='textbox-submit_0'>\
<<button 'Send Intel'>>
<<set $answer_0 to $answer_0.trim().toLowerCase()>>
<<if hashStr($answer_0) == -1132296789>>
<<replace '#textbox-submit_0'>>\
<text style="color:#008000">Correct!</text>\<<set $attackerAnswered to true>>
<<goto "detail_1">>
<</replace>>
<<run $('#textbox-answer_0').attr('readonly', 'true');>>
<<else>>
<<replace '#textbox-reply_0'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>
<</if>>
<</button>>\
</span>\
\<<script>>
$(document).one(":passagerender", function (ev) {
$(ev.content).find("#textbox-answer_0").on("keyup", function (e) {
if (e.keyCode === 13) {
$("#textbox-submit_0 button").trigger("click");
}
});
});
<</script>>\
<span id='textbox-reply_0'></span>\<!-- QUESTION _10 -->\
On 11/19/2023 @ 12:45:55 there was a transaction for $318.10. What was the total amount withdrawn from the wallet? (example: 0.00)\
<<set _hash_10 to '1536427257'>>
<<set $answer_10 to ''>>\
<<textbox '$answer_10' '' autofocus>>\
<span id='textbox-submit_10'>\
<<button 'Send Intel'>>\
<<set $answer_10 to $answer_10.trim().toLowerCase()>>\
<<if hashStr($answer_10) == _hash_10>>\
<<replace '#textbox-submit_10'>>\
<text style="color:#008000">Correct!</text>\
<<goto "epilogue">>
<</replace>>\
<<replace '#textbox-reply_10'>><</replace>>\
<<run $('#textbox-answer_10').attr('readonly', 'true');>>\
<<else>>\
<<replace '#textbox-reply_10'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_10'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_10").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_10 button").trigger("click");}});});<</script>>\
<br>
<img src="https://plus.unsplash.com/premium_photo-1675333967216-582cec11cf3e?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8MTk3fHxjb2J3ZWJ8ZW58MHx8MHx8fDA%3D" width=100%>\<!-- QUESTION 1 -->\
Was the message in some type of code?\
<<set _hash_1 to '15661547'>>
<<set $answer_1 to ''>>\
<<textbox '$answer_1' '' autofocus>>\
<span id='textbox-submit_1'>\
<<button 'Send Intel'>>
<<set $answer_1 to $answer_1.trim().toLowerCase()>>
<<if hashStr($answer_1) == _hash_1>>
<<replace '#textbox-submit_1'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q2_morse">>
<</replace>>
<<run $('#textbox-answer_1').attr('readonly', 'true');>>
<<else>>
<<replace '#textbox-reply_1'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>
<</if>>
<</button>>\
</span>\
\<<script>>
$(document).one(":passagerender", function (ev) {
$(ev.content).find("#textbox-answer_1").on("keyup", function (e) {
if (e.keyCode === 13) {
$("#textbox-submit_1 button").trigger("click");
}
});
});
<</script>>\
<span id='textbox-reply_1'></span>\<!-- QUESTION 2 morse code-->\
What is the name of the person the message asked you to identify?\
<<set _hash_2 to '365796861'>>
<<set $answer_2 to ''>>\
<<textbox '$answer_2' '' autofocus>>\
<span id='textbox-submit_2'>\
<<button 'Send Intel'>>\
<<set $answer_2 to $answer_2.trim().toLowerCase()>>\
<<if hashStr($answer_2) == _hash_2>>\
<<replace '#textbox-submit_2'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q3_morse">>
<</replace>>\
<<replace '#textbox-reply_2'>><</replace>>\
<<run $('#textbox-answer_2').attr('readonly', 'true');>>\
<<set $morse_percent += 1>> /* Adds 1 to the current property value. */
<<else>>\
<<replace '#textbox-reply_2'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_2'></span>\
<<script>>$(document).one(":passagerender", function (ev) { $(ev.content).find("#textbox-answer_2").on("keyup", function (e) { if (e.keyCode === 13) { $("#textbox-submit_2 button").trigger("click"); } });});<</script>>\<!-- QUESTION 3 -->\
What is the death date of the wife?\
<<set _hash_3 to '493912205'>>
<<set $answer_3 to ''>>\
<<textbox '$answer_3' '' autofocus>>\
<span id='textbox-submit_3'>\
<<button 'Send Intel'>>\
<<set $answer_3 to $answer_3.trim().toLowerCase()>>\
<<if hashStr($answer_3) == _hash_3>>\
<<replace '#textbox-submit_3'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q4_morse">>
<</replace>>\
<<replace '#textbox-reply_3'>><</replace>>\
<<run $('#textbox-answer_3').attr('readonly', 'true');>>\
<<set $morse_percent += 1>> /* Adds 1 to the current property value. */
<<else>>\
<<replace '#textbox-reply_3'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_3'></span>\
<<script>>$(document).one(":passagerender", function (ev) { $(ev.content).find("#textbox-answer_3").on("keyup", function (e) { if (e.keyCode === 13) { $("#textbox-submit_3 button").trigger("click"); } });});<</script>>\<!-- QUESTION _4 -->\
If you look at the year of the release for each John McClane movie, what is the title of the first one?\
<<set _hash_4 to '-189727605'>>
<<set $answer_4 to ''>>\
<<textbox '$answer_4' '' autofocus>>\
<span id='textbox-submit_4'>\
<<button 'Send Intel'>>\
<<set $answer_4 to $answer_4.trim().toLowerCase()>>\
<<if hashStr($answer_4) == _hash_4>>\
<<replace '#textbox-submit_4'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q5_morse">>
<</replace>>\
<<replace '#textbox-reply_4'>><</replace>>\
<<run $('#textbox-answer_4').attr('readonly', 'true');>>\
<<set $morse_percent to $morse_percent + 1>> /* Adds 1 to the current property value. */
<<else>>\
<<replace '#textbox-reply_4'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_4'></span>\
<<script>>$(document).one(":passagerender", function (ev) { $(ev.content).find("#textbox-answer_4").on("keyup", function (e) { if (e.keyCode === 13) { $("#textbox-submit_4 button").trigger("click"); } });});<</script>>\<!-- QUESTION _5 -->\
What is the name of the lake that the Audio Engineer is supposedly sailing on?\
<<set _hash_5 to '1975284999'>>
<<set $answer_5 to ''>>\
<<textbox '$answer_5' '' autofocus>>\
<span id='textbox-submit_5'>\
<<button 'Send Intel'>>\
<<set $answer_5 to $answer_5.trim().toLowerCase()>>\
<<if hashStr($answer_5) == _hash_5>>\
<<replace '#textbox-submit_5'>>\
<text style="color:#008000">Correct!</text>\
<<goto "spider">>
<</replace>>\
<<replace '#textbox-reply_5'>><</replace>>\
<<run $('#textbox-answer_5').attr('readonly', 'true');>>\
<<else>>\
<<replace '#textbox-reply_5'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_5'></span>\
<<script>>$(document).one(":passagerender", function (ev) { $(ev.content).find("#textbox-answer_5").on("keyup", function (e) { if (e.keyCode === 13) { $("#textbox-submit_5 button").trigger("click"); } }); });<</script>>\<!-- QUESTION _6 -->\
What is the name of the infostealer?\
<<set _hash_6 to '1211590468'>>
<<set $answer_6 to ''>>\
<<textbox '$answer_6' '' autofocus>>\
<span id='textbox-submit_6'>\
<<button 'Send Intel'>>\
<<set $answer_6 to $answer_6.trim().toLowerCase()>>\
<<if hashStr($answer_6) == _hash_6>>\
<<set $_morse to $_morse + 1>>\
<<replace '#textbox-submit_6'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q7_spider">>
<</replace>>\
<<replace '#textbox-reply_6'>><</replace>>\
<<run $('#textbox-answer_6').attr('readonly', 'true');>>\
<<set $risepro to $risepro + 1>>
<<else>>\
<<replace '#textbox-reply_6'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_6'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_6").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_6 button").trigger("click");}});});<</script>>\<!-- QUESTION _7 -->\
What is the name of the agency that is identified as having tracked down the operator?\
<<set _hash_7 to '1698824863'>>
<<set $answer_7 to ''>>\
<<textbox '$answer_7' '' autofocus>>\
<span id='textbox-submit_7'>\
<<button 'Send Intel'>>\
<<set $answer_7 to $answer_7.trim().toLowerCase()>>\
<<if hashStr($answer_7) == _hash_7>>\
<<set $_morse to $_morse + 1>>\
<<replace '#textbox-submit_7'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q8_spider">>
<</replace>>\
<<replace '#textbox-reply_7'>><</replace>>\
<<run $('#textbox-answer_7').attr('readonly', 'true');>>\
<<else>>\
<<replace '#textbox-reply_7'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_7'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_7").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_7 button").trigger("click");}});});<</script>>\
<br>
<img src="https://images.unsplash.com/photo-1661125361286-7997573b9faf?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8Njh8fGNyb3dkJTIwc3RyaWtlfGVufDB8fDB8fHww" width=100%>\<!-- QUESTION _8 -->\
What is the name of the operator of the cybercriminal infrastructure?\
<<set _hash_8 to '-1998077310'>>
<<set $answer_8 to ''>>\
<<textbox '$answer_8' '' autofocus>>\
<span id='textbox-submit_8'>\
<<button 'Send Intel'>>\
<<set $answer_8 to $answer_8.trim().toLowerCase()>>\
<<if hashStr($answer_8) == _hash_8>>\
<<set $_morse to $_morse + 1>>\
<<replace '#textbox-submit_8'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q9_spider">>
<</replace>>\
<<replace '#textbox-reply_8'>><</replace>>\
<<run $('#textbox-answer_8').attr('readonly', 'true');>>\
<<set $risepro to $risepro + 1>>
<<else>>\
<<replace '#textbox-reply_8'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_8'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_8").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_8 button").trigger("click");}});});<</script>>\
<br>
<img src="https://images.unsplash.com/photo-1604149312346-aca6a2a742c5?q=80&w=1674&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D" width=100%>\<!-- QUESTION _9 -->\
In the IoC list, there is a Bitcoin wallet address listed; what is that address?\
<<set _hash_9 to '-1651754517'>>
<<set $answer_9 to ''>>\
<<textbox '$answer_9' '' autofocus>>\
<span id='textbox-submit_9'>\
<<button 'Send Intel'>>\
<<set $answer_9 to $answer_9.trim().toLowerCase()>>\
<<if hashStr($answer_9) == _hash_9>>\
<<set $_morse to $_morse + 1>>\
<<replace '#textbox-submit_9'>>\
<text style="color:#008000">Correct!</text>\
<<goto "q10_spider">>
<</replace>>\
<<replace '#textbox-reply_9'>><</replace>>\
<<run $('#textbox-answer_9').attr('readonly', 'true');>>\
<<set $risepro to $risepro + 1>>
<<else>>\
<<replace '#textbox-reply_9'>>\
@@.alert;Incorrect.@@ Please try again.\
<</replace>>\
<</if>>\
<</button>>\
</span>\
<span id='textbox-reply_9'></span>\
<<script>>$(document).one(":passagerender",function (ev) { $(ev.content).find("#textbox-answer_9").on("keyup",function (e) { if (e.keyCode === 13) { $("#textbox-submit_9 button").trigger("click");}});});<</script>>\
<br>
<img src="https://plus.unsplash.com/premium_photo-1681400668073-a1947604dd36?w=500&auto=format&fit=crop&q=60&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8MTg5fHxjb2J3ZWJ8ZW58MHx8MHx8fDA%3D" width=100%>\<img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>Well done. So while you were working on that, one of the investigators, during the debrief, heard the name THREE TOES and it triggered them. It was a weird sight. They went pasty and seemed to lose the ability to speak, as they stared at the intel.
"Bbbbut... they are in prison. How the heck did they do this from a SUPERMAX?", and with that they ran out of the room, only to come back twenty minutes later with the following information.
Apparently, THREE TOES has teamed up with a very bad actor and their cybercriminal infrastructure. The agent says they are still working on it but that you could start your research with an article written by Alb310, on November 29, 2023. But that is all we got, because as they were talking, their phone rang, and they ran out of the room before we could ask any further questions.
See what you can figure out while we chase this basket-case around the agency. They are one of those total dark web nerds and if we don't catch them before they enter the basement we may not see them again for days.
[[Found the article and ready to report|spider_intel]]<img src="https://csilinux.com/images/CSI_Tux/Seizing_Evidence_Operation_Owl_Eye/A_detective_Linux_penguin_in_a_suit_banner_001.png" width=100%>Hey, sorry that took so long to get back to you. Seems like we both found the article. But since I am a novice at this, let me ask you some questions and see if I did any good.
<<include "q6_spider">>
000 - released for review and QC 12/01/2023
001 - corrected phrasing, added a few images and misc content 12/04/2023
002 - Formatting changes and added intro video 12/14/2023
/* <<textboxPlus>> widget v1.3 - Start */
/* Usage:
<<textboxPlus "Label: " "$variableName" `{
default: "Default value",
passage: "Passage name",
placeholder: "Placeholder text",
maxlength: 10,
spellcheck: false,
autofocus: true,
autocomplete: "off",
password: true,
readonly: true,
disabled: true,
onchange: "<<run alert('Text was changed.')>>",
oninput: "<<run alert('Input event triggered.')>>",
onreturn: "<<run alert('User hit RETURN.')>>"
}`>>
NOTE: If you put a space as the last character for the label then, instead
of the textbox appearing to the right of the label, the textbox will
appear on the line BELOW the label. Also, all of the options shown
within the third parameter above (after "$variableName") are optional.
For a list of all "autocomplete" options see:
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete
*/
<<widget "textboxPlus">>
<<if ($args[1][0] !== "$") && ($args[1][0] !== "_")>>
/* Show error message for bad variable name. */
<span class="errmsg" data-msg="<<textboxPlus>> - Invalid variable name." @data-src="$args[1]"></span>
<<run $(document).one(":passagerender",
function (ev) {
$(ev.content).find(".errmsg").each(function (idx) {
throwError($(this), $(this).data("msg"), $(this).data("src"));
});
}
)>>
<<else>>
/* Create textboxPlus input box. */
<<if $args[1][0] === "$">>
<<set _textboxPlusName = "textbox-" + $args[1].substr(1).toLowerCase()>>
<<else>>
<<set _textboxPlusName = "textbox--" + $args[1].substr(1).toLowerCase()>>
<</if>>
<<if ndef $args[2]>>
<<set _textboxPlusOptions = {}>>
<<else>>
<<set _textboxPlusOptions = $args[2]>>
<</if>>
<<if ndef _textboxPlusOptions.placeholder>>
<<set _textboxPlusOptions.placeholder = "">>
<</if>>
<<if ndef _textboxPlusOptions.maxlength>>
<<set _textboxPlusOptions.maxlength = "">>
<</if>>
<<if ndef _textboxPlusOptions.spellcheck>>
<<set _textboxPlusOptions.spellcheck = true>>
<</if>>
<<if ndef _textboxPlusOptions.autocomplete>>
<<set _textboxPlusOptions.autocomplete = "">>
<</if>>
<<if ndef _textboxPlusOptions.password>>
<<set _textboxPlusOptions.password = "">>
<</if>>
<<if ndef _textboxPlusOptions.readonly>>
<<set _textboxPlusOptions.readonly = "">>
<</if>>
<<if ndef _textboxPlusOptions.disabled>>
<<set _textboxPlusOptions.disabled = "">>
<</if>>
<<if ndef _textboxPlusOptions.onchange>>
<<set _textboxPlusOptions.onchange = "">>
<</if>>
<<if ndef _textboxPlusOptions.oninput>>
<<set _textboxPlusOptions.oninput = "">>
<</if>>
<<if ndef _textboxPlusOptions.onreturn>>
<<set _textboxPlusOptions.onreturn = "">>
<</if>>
<span class="textboxplus" @data-variable="$args[1]" @data-placeholder="_textboxPlusOptions.placeholder" @data-maxlength="_textboxPlusOptions.maxlength" @data-spellcheck="_textboxPlusOptions.spellcheck" @data-autocomplete="_textboxPlusOptions.autocomplete" @data-password="_textboxPlusOptions.password" @data-readonly="_textboxPlusOptions.readonly" @data-disabled="_textboxPlusOptions.disabled" @data-onchange="_textboxPlusOptions.onchange" @data-oninput="_textboxPlusOptions.oninput" @data-onreturn="_textboxPlusOptions.onreturn">
<label @for="_textboxPlusName">$args[0]</label>
<<if $args[0][$args[0].length - 1] === " ">>
<br>
<</if>>
<<if ndef _textboxPlusOptions.default>>
<<set _textboxPlusOptions.default = "">>
<</if>>
<<if ndef _textboxPlusOptions.passage>>
<<if _textboxPlusOptions.autofocus>>
<<textbox $args[1] _textboxPlusOptions.default autofocus>>
<<else>>
<<textbox $args[1] _textboxPlusOptions.default>>
<</if>>
<<else>>
<<if _textboxPlusOptions.autofocus>>
<<textbox $args[1] _textboxPlusOptions.default _textboxPlusOptions.passage autofocus>>
<<else>>
<<textbox $args[1] _textboxPlusOptions.default _textboxPlusOptions.passage>>
<</if>>
<</if>>
</span>
<</if>>
<</widget>>
<<script>>
$(document).on(":passagerender", function (event) {
/* Update textboxPlus input boxes. */
$(event.content).find(".textboxplus").each(function () {
var options = {}, props = {};
var data = $(this).data("placeholder");
if (data) {
options.placeholder = data;
}
data = $(this).data("maxlength");
if (data) {
options.maxlength = data;
}
data = $(this).data("spellcheck");
if (data.toString().toLowerCase() === "false") {
options.spellcheck = "false";
}
data = $(this).data("autocomplete");
if (data) {
options.autocomplete = data;
}
data = $(this).data("password");
if (data) {
props.type = "password";
}
data = $(this).data("readonly");
if (data) {
props.readonly = data;
}
data = $(this).data("disabled");
if (data) {
props.disabled = data;
}
$(this).find("input").each(function () {
if (props.type) {
$(this).removeProp("type").attr(options).prop(props);
} else {
$(this).attr(options).prop(props);
}
});
var changeCode = $(this).data("onchange");
if (changeCode) {
$(this).find("input").on("change", function (event) {
$.wiki(changeCode);
});
}
var inputCode = $(this).data("oninput"), parent = this;
if (inputCode) {
$(this).find("input").on("input", function (event) {
State.setVar($(parent).data("variable"), $(this).val());
$.wiki(inputCode);
});
}
var returnCode = $(this).data("onreturn");
if (returnCode) {
$(this).on("keyup", function (event) {
if (event.key === "Enter") {
$.wiki(returnCode);
}
});
}
});
});
<</script>>
/* <<textboxPlus>> widget - End */